Posted
by
CowboyNeal
on Friday April 08, 2005 @05:49AM
from the easy-money dept.

The Ascended One writes "Call center employees working for an Indian software company, MSource, supposedly used confidential client information to transfer client funds to themselves. The alleged perpetrators used the personal information of four NY-based clients to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency. They were caught after the victims alerted the bank officials in the US, who then traced the crime to the Indian city of Pune. While the name of the bank has not been revealed, the article indicates that the bank in question is Citibank."

A lot of posts here will no doubt be saying something along the lines "see, this is what happens when you outsource". Well, think about it from an investigator's point of view. If money was transferred illegitimately from a US customer to somewhere in the US, it would be much harder to figure out what was going on than if it was being sent to India. By outsourcing the call center to India, it has made the origin of this sort of fraud much easier to detect.

I'm a system administrator and most of my customers are in the UK. So when I'm investigating an incident on our servers, and the logs show some activity from Brazil, it makes my job a lot easier.

I just have to say that this is a bigger problem than a simple "I told you so".

When you outsource certain operations you are giving people who have no connection with your customers their private information. Banking account numbers? Some people still don't use online banking because it scares them and we don't see this as a huge liability?

Really, what if a few thousand credit card and bank account numbers got into the hands of suspected terrorists? If they made a one time shot at getting items to fence or cash withdraws (wire transfers) and split, they suddenly have resources that was taken right from the American people.

I'm by no means saying that you should be suspect of *any* foreign person or enterprise. I'm thinking of the type of people who *might* get their hands on my/our information. What good is it to give to the people like EPIC [epic.org] when we give our information to people we can't necessarily track down? Can anyone guarantee that we will be able to bring someone to justice, under our laws (and equally for their benefit the Constitution)? I've worked on the phone making sales, and the problem we had was we were banned from taking credit cards because a few people screwed it up for everyone.

Of course, if someone wants the information they can get it. It just makes me wonder why we give our sensitive information to a foreigner when we need parts for our Dell (and by extension everyone else I don't care to list).

Because it's cheaper than giving it to a `fellow American`. I should have thought that were obvious.

I find this odd. Many Jobs that I have tried to get they will not give you if you have bad credit because you are a potential security risk. But now those same companies outsource to some of the poorest countries. How is this not a security risk?

What connection do local call centres have with a banks customers that people who live further don't?...

it's cheaper than giving it to a `fellow American`. I should have thought that were obvious.

A Ha, and you've discovered my complaint. We get paid a lot more, we have less motivation to steal. We depend on that job, we have built a life around it. The paychecks are okay, so the risk to benefit ratio tells me not to steal from customers. On top of that, they are fellow countrymen.

However, in India it is a different story (don't flame, just an example).

The Indian worker is getting paid a fraction of what you've just spent. I sure hope there was no contempt in your voice - contempt breeds contempt. The tech looks at his check and sees a nice amount of money but he sees another option. Really, if he loses this job there will be another American company who will come around (best part is, they don't talk to each other). We've created the economic situation where it makes sense to work for a few weeks and rip a few hundred people off. An organized effort could be dangerous.

No matter... bring the work home and solve the whole problem that way.

The Indian worker is getting paid a fraction of what you've just spent.

And here is the fallacy in your argument.That indian tech may be getting a fraction of what YOU make per year. But, he is getting MANY TIMES as much as as the average Indian worker. Wealth is RELATIVE to your PEERS. Read any news story on outsourced workers and you see that they have some of the best living and working conditions in their country. Some even better than a lot of American workers.And who says that Indian guy doesn't depend on his job? Why couldn't he have built a life around it? Just because they make fewer "American" dollars than you do, doesn't mean they're poor or any less deserving of what they have.

Everything is cheaper over there. The cost of living is way lower. This is why companies move their business there. They can pay him half what you make, and he still makes 3x as much as the next INDIAN worker.

Stop making the same WRONG argument that less american $$ = less skilled or less dedicated to one's job.

There was more contempt in your post than in its parent. You could do the SAME crime working as a first level hell-desk worker in the states. But I guess that would be okay because you "brought that work home."

And here is the fallacy in your argument.
That indian tech may be getting a fraction of what YOU make per year. But, he is getting MANY TIMES as much as as the average Indian worker.

And here's the fallacy in your argument - that same difference in pay scale/cost of living means that the $350K US that they made off with was worth a whole heck of a lot more to them than it would be to you.

Would I risk something like this for 10 years' salary? Nope.

Would I risk something like this for 50 years' salary? I'd like to think no, but I've never been tempted like this...

Would I risk something like this for for more money than I could otherwise reasonably expect to earn in my lifetime? Maybe. Imagine yourself in a situation where a few minutes effort would net you $10 million of someone else's money. Can you be sure that you wouldn't consider that at all tempting?

I'm not sure where these guys ended up on that scale, but I suspect that you're still talking about enough money to live comfortably for 20-30 years. The cynical part of me says that their real problem was that they didn't steal enough. If it had been a few hundred million, then they wouldn't be thieves, just international market speculators...

Would I risk something like this for for more money than I could otherwise reasonably expect to earn in my lifetime? Maybe. Imagine yourself in a situation where a few minutes effort would net you $10 million of someone else's money. Can you be sure that you wouldn't consider that at all tempting?

That reminded me of a Twilight Zone(?) episode where the following dialog takes place (stolen from a website):

"...a dark stranger brings a box to a man's door, promising wealth if he only presses a button on

The problem with your argument is that companies do not move their businesses over there at all, they just hire employees at arms length and pay them at cut rate, but still keep their businesses in the US. The OWNERS and EXECUTIVES don't want to go to India, it sucks there, and can be dangerous. It's far away from their family, friends, banks, wall street, etc. To them India is a cheap people farm. They're not investing in India, they're not trying to build it up as an industrial or business superpower, they're just using it and if it gets expensive they'll find another impovrished country to bully.
Meanwhile jobs are taken away from American workers in their own country. The same country whose taxes fund a legal system, military and police force which allows them to retain their money (be it real estate, investments or liquid cash). The same country were the average guy will have to go fight in a war to protect their business interests at pretty much their own whim. In some of the countries they are using for cheap labor, each executive, owner or investment company has enough in LIQUID cash to feed a city for years, don't tell me that their governments would try hard to find someone who in fact stole their money should it have been placed overseas. This person only got caught because he stole so little and stole from an American bank. If it was the First Bank of Nowhere India, who knows what would have happened.
No I don't give a rats ass about the average Indian, but unless India wants to pledge itself as a commonwealth of the US I don't have to. They're on their own. In my opinion US companies should not be allowed to use their labor. Those companies need to stand on their own, and sell their services (properly tariffed) to US companies. The government could then control the cost of living in the US with respect to other places and reduce it slowly, which I think is probably necessary. Watching so much of this contries technical experience get outsourced only makes me wonder if we'll be able to do anything locally in the US in 20 years except make bad music and TV and change bedpans.

I know you say 'I'm by no means saying you should be suspect of *any* foreign person..' - but really you don't mean it. You wouldn't have made such a post in the first place if you didn't really mean it.

At the end of the day we are a global economy.. our card numbers and personal bits of information have been flying all over the globe for years now. Quite frankly I trust the people working in the indian call centres as much as I trust the person working down the

I for one am glad of the security I can place in trusting my fellow national. Ever since foreigners started bombing federal buildings, sending bombs to universities, sniping people randomly in Washington, and god knows what else, it's good to know that we can draw a clear line between "us" and "them"

Main Entry: sarcasmPronunciation: 'sär-"ka-z&mFunction: nounEtymology: French or Late Latin; French sarcasme, from Late Latin sarcasmos, from Greek sarkasmos, from sarkazein to tear flesh, bite the lips in rage, sneer, from sark-, sarx flesh; probably akin to Avestan thwar&s- to cut1 : a sharp and often satirical or ironic utterance designed to cut or give pain 2 a : a mode of satirical wit depending for its effect on bitter, caustic, and often ironic language that is usually directed against an individual b : the use or language of sarcasm synonym see WIT

All the crimes he mentioned were done by American citizens. Bombing federal buildings? McVeigh. Mailing bombs to universities? Kaczynski. Sniping people in Washington DC? Malvo. At least two of them thought they were fighting for their country, which they (somewhat correctly) saw as having been overrun by greedy corporate/big government idiots. I'm pretty sure Malvo was just getting a kick out of killing people.

In light of these examples, the "War on Terror" looks like a silly, yet all-too-serious, grab for power. In other words, I think you're preaching to the choir.

Yes, because Jefferson, Franklin, Hamilton, et al set off carts full of blasting powder in front of crowded Offices of the Crown, randomly killing people, and this is how the US won the war of independence.

Not that killing children in daycare is a good thing. But why were people in a federal building hiding behind children anyway? They know wackos attack federal people from time to time

WTF are you talking about? Name one attack on a Federal building prior to (or after!) McVeigh. They weren't "hiding behind children" because they had no idea there was anyone to hide from.

Bet some government wonk was dumb enough to beleive that nobody would ever think of attacking them with children as a flesh shield.

Bet it never occured to anyone that some dumbass would think it worthwhile to set off a bomb in front of a building full of boring, miscellaneous government drones smack dab in the middle of Dullsville. Really, what kind of tard do you have to be to pick such a stupid target? If he wanted a symbolic hit against the FBI or BATF, he should have picked a FBI or BATF field office, instead of a building with mostly Social Security and postal service workers.

McVeigh did some fucked up shit, but I still cannot help but feel some respect for having the balls to do what he did.

I have trouble respecting mental midgets with delusions of grandeur simply because they fancy themselves super-patriots. A man walking down the street randomly cutting of people's heads while shouting "no taxation without representation" is no patriot in my book either. I might agree with the premise McVeigh started from, but I'd have to give him a big fat zero for his chosen conclusion. Fuck McVeigh. Fuck him twice. He was a typical macho failed-to-get-into-Ranger-school-so-he-left-the-Ar my dumbfuck that gave other Desert Storm vets like me a bad name for a long time.

If more Americans had the nuts to take their government to task for oppressive things they have done to this great country, things wouldn't be as shitty and corp-controlled as they are.

Yes, but blowing one another up is not going to get the feds off our back. I guarantee that no amount of purely symbolic random bombing is going result in anything more than further oppression.

But here I am posting anonymously because I am afraid of what the government might do to me for speaking outside of the "official truth".

Talk about delusions of grandeur. The government doesn't care about some guy on a message board spouting off about patriotism. Really, you sound like an actual tin-foil hatter who thinks the government is trying to read his thoughts. The flaw in that line of reasoning is the presumption that the feds even give a fuck about a a nobody like you (or me, for that matter). They don't care about people like us! Get over yourself!

1st of all, Osama and crew are funded just fine, they don't need your piddly thousands per account scam to pay for their efforts...

if you DON'T outsource- aren't you still giving people who have no connection with your customers their private information?

C'mon, it doesn't matter if the call center is in bangalore or in tampa bay, what matters is the legal hoops required to get it back/make reparations...

remember the afghanni woman who had been hired as a medical transcriptionist but not paid for her work? and threatened to make US citizens medical records public? she wasn't breaking any afghanni law, and she had NO OTHER RECOURSE for recompse for her labors.. (and good for her) the only real bonuses to outsourcing can be mitigated by differing laws, and the ability to 'seek damages' internationally...

These kinds of (employee, white collar) thefts occur.The fact that it was overseas should not make it/. newsworthy unless there was some amusing or technical quirk in international law that made it newsworthy.. I see nothing however, in the headline, any different than a NY times biz blurb about any other fradulent scheme at a major us corp..

With my work experience I can say that I it's so scary, that it makes me want to switch to cash and money orders for everything.

NOTE: I have access to 1 million new SSNs a month.

Consider some of my offshore counter-parts that US law inforcement would have a hard time prosecuting. Someone could sell that data for $250k or, then buy themselves protection from US authorities in a state that doesn't extradite.

yeah! and another good thing about outsourcing is that the dollar goes so much further in countries like India, so the criminals need to steal less! Why, I bet if Citibank hadn't outsourced that call center and the theft had occured in New York or somewhere, it woulda been a couple million!

I totally agree with your argument, but I wouldtake it a couple of steps further. Since $1 USDgoes so much further in India, instead of justoff-shore out-sourcing the "worker-bee" jobs there,we really should be moving the corporate officersand board of directors jobs there.

Just think, instead of a "Bernie Ebbers" who cooksthe books to the tune of $11 Billion USD in orderto keep that quarterly profit/quarterly bonus pyramidscheme going at MCI/WorldCom, or a "Fiorina" that
has to be bribed $45 Million USD to leave HP,the major shareholders could be looking at animmediate 80% cut in pay and bonuses to theircorporate leadership by moving those jobs off-shore.

It isn't as if these US corporations wouldn'tdirectly benefit from hiring the top 1% ofIndian corporate officers, instead of the ethicallychallenged USA-trained MBAs that we have now.

The problem is jurisdiction. It's a lot simpler to investigate and prosecute crimes when they happen within a single country. Police detectives can obtain warrants and subpoenas from a local judge. They don't have to deal with the State Department, another country's foreign ministry, and prosecutors and police who have their own priorities and may not care if some local boys rip off some foreigners. Extradition, even when there are treaties in place, is relatively rare. It is usually reserved for the most serious crimes, like first-degree murder. Many countries will not extradite their own citizens, as a matter of policy.

How is this easier? Money transferred from one bank account to another bank account is more easily traced within US. Our banks must follow strict guidelines, banks in other countries many nto have those same guidelines. If they transfered this money to say a Swiss bank account that didn't have any personal information attached to it - the police may never have caught a person. They might have been able to get to the account, and retrieve the money, butgettin a persons private info is much harder.

So when your logs show activity in Brazil, how is this easier then if your logs show activity in Maine?

I work in InfoSec and did a consulting project for a company that sells software (for clearing checks) to a lot of major banks. I was amazed how insecure banks realy are ! however the banks rely on thier ability to audit all transactions more than secure policys and procedures. So to sum up, it is easy to steal from banks it is hard not to get caught.

So true. Back in the early 1990s I worked for HP Test & Measurement (which mades test equipment that is now known as Agilent). My fellow AE who specialized in telecom/datacom test equipment came back from pre-sales demo at Wells Fargo Bank at their main IT center in San Francisco. Apparently HP wasn't going to get any business from them anytime soon: the demo didn't go well. My buddy thought he was showing them something that could help them debug and harden their Automated Teller Machine network.

I had a call back from Citibank, an 'anti-money laundering' call to check the purpose of the money transfer requesting the telephone number of the **** company to receive the money.

I never provide any sensitive information to any entity on an INBOUND call. I completely confused a poor Discover rep once when they called and needed to verify something and I refused to give them my information to verify myself as the account owner. I asked them for a department name and reference ID of some sort so I coul

It doesn't matter where people are located. What matters is that you have trustworthy people handling your business. And, you know what? Untrustworthy people are everywhere.

I, for one, do not buy into this Lou Dobbs racist/nationalist claptrap that says that we can't trust foreigners. I'm one of the biggest foreigners around, if you consider all the places I have to travel to that I'm not actually a citizen of.

Hey, bad people are in India. And in the U.S. And in Europe. And in Asia. Oh my god! They are everywhere!

Luckily, the bad people are outnumbered by the good. I can just take a look at my lists and figure that one out.

It doesn't matter where people are located. What matters is that you have trustworthy people handling your business. And, you know what? Untrustworthy people are everywhere.

If your employees are proud to be part of the firm, and if you treat them with respect and pay a decent wage, they are less likely to turn to fraud. However, if you treat them like shit and pay peanuts, they are more likely to become disgruntled and commit fraud or (digital) vandalism. Yes, just like in 'Office space'.

The current relentless drive to reduce employee costs to a minimum does not help in that respect, in any country. From what I understand, Indians are currently happy with their current wages (and often very odd working hours). But what will happen when the squeeze from even cheaper Chinese workers is on?

On the other hand, you don't have to be poor to be so consumed by greed that you're willing to steal or commit fraud to further line your pockets. Just look at Enron, Worldcom, etc if you want proof of that.

On the other hand, you don't have to be poor to be so consumed by greed that you're willing to steal or commit fraud to further line your pockets. Just look at Enron, Worldcom, etc if you want proof of that.

Too true. There are two problems to consider. Rampant poverty will increase crime. Especially in the event where labor is being done, but the laborers are not reaping the rewards of their labor. So that's one contributing factor, in the U.S. as well as abroad.

A second contributing factor is the culture of greed that dominates in the modern world. Wealth without labor is the new goal. One of the most elequent discussions of this I have seen was by harvey pekar, in an issue of American Splendor (sorry, don't remember what issue). But we have a culture (which we are aggresively exporting) which places more importance on the possession of wealth than on honesty, integrity, or a strong work ethic.

I'm hoping that this is actually changing, that the Bernard Ebbers, the Dick Cheneys, the Kenneth Lays and Darrel McBride's become outcasts and pariahs, shunned and hated enough by society at large that people feel a strong enough social pressure to mitigate their greediest instincts.

Nonsense. Most of the fraud committed at banks occurs because of duress. Namely, the husband or boyfriend threatens a teller or personal banker and says "Steal money, or I'll hurt and kill you, or the kids, or the dog." (Yes, you would be surprised how often it is the dog.)

I agree to saome degree. It doesn't matter if the employees are yellow, red, green or black.

Most/all people are for sale if the price is right. And for people in India, the sum is maybe 1/100th or 1/10th of what it is in the USA. So by outsourcing to a country with low living standards, you can expect more crime because more are tempted.

I have also seen this in a company I worked in. Too much money - and people was tempted.

Exactly right. People don't understand this natively, but when I explain it this way they get it:If your annual wage is 600$, then you can work all year to scam 600$ and its a good job. So putting in what to us is rediculous amounts of work to scam 50$ is normal to someone making that in a month.

This will only continue; witness what happens on the US-Mexico border if you need more evidence. US average income is 4x Mexican with less internal disparity. Now contrast that with India, which is 1/12 US per capi

Whatever you tink about Lou Dobbs, it's very irresponsible to just dismiss him as a racist.

Even "nationalist" is nonsense, he's merely pointing out one of the problems with unresitriced and unbalanced "unfair" trade. Now, you could argue this is a good thing, and we could point out the problems and have a discussion. But by labeling him a racist, the only thing you're trying to do is to "shut down" any arguments by coming up with ridiculous ad hominem attacks.

I'm an immigrant to this country, and I'm not a fan of outsourcing. I'm all for other immigrants from all over the world to continue coming here and contributing their talents to our local economies, but there is a problem when now people don't even want to become US residents, because they jobs are being drained away from here. We're about to face a serious crisis, when our technological workforce is being decimated by these companies. And there's nothing racist in pointing that out, nothing.

As for security, I don't think most if any people here are saying that a particular nationality is less trustworthy. But you'd be a fool if you don't recognize that some of the safety mechanism we enjoy in this country, are not as robust or even exist in other parts of the less developed world. As we deal with the poorest of nations, with our sensitive data, we have to be *extremely* careful. Already, there have been incidents of bribing by local crime syndicates in some of these countries to obtain data to steal identities. Can that happen in the US? Of course! But the question is, where is it more likely, and what are the protections we need to employ in these situations.

There's a rich discussion to be had on this topic, but please, try to come up with something better than "they're racist".

I wonder if this can be called hacking, looks more like a combination of poor process and security management on the part of Citi (if it is indeed Citi).
Companies in the US should be wary of the extent of employee churn that happens in BPO firms in India. I'm in India, and I often get to hear of ex-employees stealing databases when they leave...

I only hope this news flashes through the industry and gets in the heads of CEOs and PHBs everywhere who then start aborting outsourcing attempts.

If you're in Europe, fear not, the data protection act bars your personal information from leaving the EU (i think?).. unless its going to the CIA so they can have you extradited without trial.. Either way, if you're worried, call up your bank and demand to know where they send your data, its public information by law.

So they should start aborting outsourcing attempts because the US doesn't have data privacy laws?

Rather than phoning up your banks and finding out where your information is ending up, which can be a tedious process, shouldn't you be phoning up your congress representatives and asking them to enact laws which provide for your privacy?

I only hope this news flashes through the industry and gets in the heads of CEOs and PHBs everywhere who then start aborting outsourcing attempts.

I'm not sure Indians are any more likely to jot down card numbers that thier minimum-wage US counterparts. Except, of course, that an Indian phone jockey makes a better wage (by local standards), arguably giving them less reason to committ such fraud.

It's annoying when you can't understand what someone says on the phone, sure, but I don't think they're any more likely to be criminals than thier western counterparts.

You misunderstood, Im not saying they're any different from non-outsourced workers, im just saying i HOPE that people in charge get a knee-jerk reaction to stop outsourcing so that jobs can go back home, in fact in many cases, outsourced people work harder and are more loyal! - thats the whole problem!! who wants to compete with hard-working, loyal and cheap employees? we want our jobs to stay at home.

Ok I have an abbey account and I recently needed to contact them regarding some information I required so I called them. A woman answered the phone and she was noticebly indian her accent was way to heavy anyway I conclude my business with her (only having to repeat myself a couple of times.I then did some checking aparently the credit card division had been sold to an american company who then outsourced the call centre to india. I had not been told about this by my bank. So without my express written perm

It's different because there's no clear path of liability as far as the company is concerned and there is no clear path of prosecution. Of course the money is insured against things like this but when it becomes enough money defrauded it can become a serious problem.

If you steal money in the US (unless you're an exec) you're going to be tried, fined and jailed. What happens if you do it from another country? It's possible that some of the things done

Well, it's not so much a case of us-versus-them, but a matter of accountability and proesecuting them. An earlier poster made the case that this makes it somehow easier to track, but I think this is an absolute load of claptrap

Remind me again, exactly how many people are there in India? So how exactly does the fact that you know it originated from India help you? Or say Brazil, China, etc - all of these places, though poor, are in fact heavily populated, densely packed, and often the authorities are

It's just a different way of grouping of decimal places. In India it's common to have them group two decimal places instead of three. Get a better description here: http://www.answers.com/topic/indian-numbering-syst em [answers.com]
Globalisation is however making indians, albeit reluctantly, shift to the million/billion system, but it'll take time...

Citicards, the Credit card division of Citibank, got a new CIO several months ago. Mitchell Habib. He came from GE Medical. Before leaving there, he outsourced about 75% of their IT staff to India. He's currently doing the same at Citi. I worked there as a contractor. Two other contractors on the team and I were unable to get our contracts renewed because it came down from on high that all new contracts had to go thru TCS, Tata Consulting Services. They are the Indian outsourcing company that he used in the past. I recently went back to visit some friends and met my replacement. A nice young Indian guy making a third to a quarter of what I made there.

From what I understand, the standard rate for calculating your budget for contract work went from $70/hr to $22/hr. Of course, I believe they charge around $40/hr for their workers in the states.

Thats exactly the problem though. If you are willing to work for $22/hr. You need to get a job with TCS first, and then get sent to Citi. Now it's a lot like going to work a staffing firm based in the US, who has a contract with another company in the US...

How easy is it for you to get a job with TCS if you are already based in America ? Not very easy. Plus if a company like USAA and Citibank have given exclusive contracts to TCS, then it makes it extremely hard for local recruiting agencies and talent to get the job. How come every company that has a contract with TCS ends up having 20-30 new indian contractors ? Something needs to be done about these exclusive contracts, and TCS needs to be told to first look for local talent. I know lots of people who have lowered their rates, just to compete with the Indians, but these exclusive contracts to companies who naturally are averted to experienced local candidates (can't exploit them as well), needs to be changed.

PS: I am an indian immigrant myself, I moved here when I was 13. And, I am competing for my job with classmates I had in India. I'm not racist or a bigot. I haven't lost my job to an outsourcing firm etc, but thats because I rarely work for large firms that can afford outsourcing in the first place.

Habib is what is called a "hatchet man". He is brought in to give people the hatchet, to chop or cull them out of the business. In the end, when the hatchet man has cut enough people, he himself is given the hatchet. Unfortuantely for the American workforce, hatchet men move from company to company, being used like a freelance assassin with a seriously overdriven work ethic, wiping out hordes of workers. Habib is the ultimate expression of the mercenary consultant. In a way, we are all guilty of creati

It keeps reloading and reloading and reloading... I didn't have the patience to try to read the source to find out what it is. But it's creepy to hit the down arrow on your back button and see the same page listed halfway down your screen. WTF?

I once called a creditor of mine and was obviously routed to an overseas call center. The gentleman on the other end of the phone after asking me my issue asked me my social security number. I was hesitant to give it away to a guy in india making $.50 an hour but figured I was being paranoid.
I gave him the number and he said please hold. The next thing I knew he put me on hold and I was transferred to another service representative (in the us) who also asked for my social security number. Well needless to say I let them have it basically "Why would they ask me for my social security number to transfer me?"
I started checking my credit report and stopped doing business with the bank. Nothing came of it and I was being paranoid but the reality is this sort of thing can happen anywhere. At a restaurant you give the server your card. Most servers make low wages and they take your card off to the back room usually.

This brings into issue all the medical, supposidly confidental, data that gets sent to India for transscribing. I hope companies from around the world take a look at the amount of personal information they are sending to around the world with out thought of who might be watching it.

"This brings into issue all the medical, supposidly confidental, data that gets sent to India for transscribing. I hope companies from around the world take a look at the amount of personal information they are sending to around the world with out thought of who might be watching it.

Corporations as a whole do not care at all about the personal data that they send anywhere; the data is simply a commodity. To companies that are used to dealing with large amounts of commodities (including personal information), the loss or compromise of a certain percentage of the commodity is tolerated and expected. For corporations it is cheaper to pay for the loss than it is to prevent the loss.

Do the editors really need to emphasise that the scammers were indian? I don't want to sound naive but do the editors really want to turn this site into a populist racist forum?

Security is a 'system', and altering or extending a system, can open it to risk that were not originally envisaged when it was established. Adding a new site, adding additional computer systems, new network(s), new operative etc all can alter the security threat mix.

Extending a secure system to a new country, a new language group, a new multi-cultural mix, will also expose the system to a new mix of threats. Ths issue of extending such a system to a different continent, particularly if the operatives there are working at the higher(est) levels, entails exposing the system to all the differences between the new location and the old.

Whether the staff are physically in India or hold Indian state passports is incidental. The significant factors are, a) how close or removed they are from the cultural assumptions of the systems designers, b) how exposed they are to personal weakness, c) how exposed they are to external influence. These are sometimes referred to as Antipathy, Jealousy, Poverty, and Corruption. Placing a call centre in Dehli, Amritsar or Goa would vary the mix, as would placing it in Belfast, Glasgow or Ipswitch.

Looks like a slow day for Slashot if this type of stories get posted =)

According to the police, Thomas, who worked in the callcentre for six months before quitting the job in December 2004, had the secret pincodes of the customers' e-mail IDs, which were used to transfer money. In January, he roped in his friends and transferred money from four accounts of the bank's New York-based customers into their own accounts, opened under fictitious names.

The story doesn't even have enough info to classify it as social engineering. People used confidential information to transfet funds. Ok, they used the Internet to do the transfer. Ok, they got PINs from customer emails. What's in there to learn? Where are the "news for nerds" here?

Although this particular sort of naive fraud is unlikely to repeated for a while at Citibank, Citibank has a history of association with much more sophisticated and serious fraudulent activity. I refer to Citibank's crucial role in suggesting, creating, structuring, and maintaining the complex banking and hedging schemes for both Enron and WorldCom. Forget the Enron and WorldCom directors for a moment. The Citibank directors who were involved should be held accountable for their contribution to the frauds and yet they have all somehow managed to evade proper censure; indeed they still hold company office - that's absolutely not right. The SEC and AG have done nothing with any of them. Let's avoid using Citibank and let's see why they they get away with their activities...

Some background on Citibank's unresolved history of association with serious fraud:

$350,000 is a menial sum compared to some of the huge fraud that happens in the Western World (just look at Worldcom as an example).

However, outsourcing to people in less developed parts of the world means that much smaller (and presumably more "readily available") sums of money can provide them with a very good living still & make committing fraud worthwhile in the firstplace.

There are no intended racial overtones in these comments, just observations, and quite frankly it's the mega-corporations I laugh at now that they will start to get their "just desserts" for messing up the economies and lives of so many people for the sake of a few bucks.

Let's face it, if you're a Citibank (if that's who it is) customer that got ripped off by this, you'll get your money back anyway because it's obviously a security issue with the bank themselves, not the customer's fault.

I say good luck to the Indian call centre workers - they're being used as the 21st century equivalent of sweatshop labourers anyway so they should grab what they can before they demand too high wages and they themselves get dumped by the corporations like a lot of the rest of us have.

I think most people here are really missing the point of this story. Up until now, the only jobs that were being outsourced to India were call centers, software engineers and a few other white collar jobs.

With this event, something much more serious has taken place. We have begun to outsource criminal activity. Oh the horror. What about the children of the criminals in the US? Where will they get their crack money?

This is very serious. We need to act now to prevent tossing away the lives of those in the US who have worked sometimes for their entire lives committing crime. While it might be possible for an engineer or call center employee to be retrained for a new job, we have lots of experience that says we are not very good at retraining out crimininals. After all, there are only so many CEO positions available in the US.

I have an Indian guy in my office, and I got him to make a list of several very offensive curses in his native language. If I suspect I'm on the line with someone in India that is faking a name and accent, I play along for a bit and then say something on the list (I have no idea what they mean). A lot of times the American accent breaks down and I hear some yelling but it appears to be an effective litmus test. An American on the line just says "huh? cell phone going out?"

Having recently returned from India, one of the biggest things I found was that almost everyone was trying to find a way to part you with your money. Strangely enough, the only place that this wasn't true was in the area near Pakistan (the desert) where the only industry is tourism and the most important need is water.

Leading up to our trip, everyone told us to watch out for pick-pockets. We did not find this to be common. Of course, there were countless people who are willing to tell you anything, including flat-out lies, to take your money.

People ask me for money every day as I travel to and from work. A few times a week some company will cold call me and attempt to part me from my money. My inbox is full of spam and phishing emails trying to get me to give away my money - knowingly or otherwise. There are probably people working in the call centers of my bank selling my details to criminals.

This proves that the trouble with outsourcing a call center is with confidential information. Another major problem is pissing off your customers/clients because they can't understand the customer service agents strong accent. I've read several major publications all claiming the above two reasons for not outsourcing their customer service to another country.

There are new laws in the US for privacy. These laws are forcing financial institutions and health insurance companies to better secure their customer/client data. I work in an enterprise environment where we are currently implementing major security changes across all systems just because of the privacy laws. Here's a list of only some of the changes:

1. All users who have access to customer confidential data are completely logged with a full audit log. i.e. you just query a client and only read the data, it's logged. You query a client you shouldn't need to query and a red flag goes up. All transactions are logged and audited. Customer service reps have FULL ACCESS to all client data and transaction history. This need to be protected as much as possible.

2. All users who do not 'need' access to the client data have been removed from access. This includes programmers who once had access to production systems and live customer data. If a production problem occurs, the user has to contact their manager and request a special temporary user ID that is set to expire in 24 hours. This temporary id is issued to the user and reset. When the programmer or engineer is done with the user id, it's returned and reset. If the id is not returned, it's reset automatically within 24 hours or less. These special temp ID's have extra security and logging is more aggressive.

3. All access to client accounts, even access via clients themselves is logged.

4. All call center calls are recorded and archived for long term storage. Clients are told they are on a recorded line three different ways, once the automated voice system tells the user that all calls are recorded, the agent answers the phone and tells the client they are on a recorded line, and three there is a beep now and then to remind the client. Also they are recorded while on hold (just because it's easier then trying to stop recording). I would love to hear what people say when they think they are on hold and no longer being recorded! Call center manager frequently listen in on their service agent calls and review recordings daily.

5. There are departments such as special investigations and some legal departments that end up researching and reviewing logs when necessary. i.e. constantly looking for fraud or assisting the SEC, FBI, or police in an investigation.

Now, you outsource a customer call center to India and you let them access your client data. They need full access just like your local staff did. Trying to secure that data becomes much more difficult then if you are doing it here. Situations like what happened to Citibank are just one possibility. Another one, would be if the Indian Companies network is breached or their servers hijacked? Who really knows, because it's no longer on your network, how do you control the security? Obviously, you can't just host the servers in the US and provide the Indians a secure uplink, the cost is prohibitive and the speed is not great enough. You would have to put the servers in India. Imagine a 1,000 call center reps hitting the servers 24/7 with queries, you can't just pipe that to the US over a leased line!

Outsourcing customer data access to another country opens up major security questions as well as customer relations. I called 411 (information for local telco) and ended up talking to an Indian who couldn't get the name of the restaurant right even though I spelled it for him (Alpha Tango Foxtrot, etc) and kept giving me the wrong number. I gave up and went to the Internet to get the phone number! Try calling Circuit City sometime! I love how they answer the phone with a thick Indian accent but say their name is Chris or Richard! What a hoot, aliases to make them sound American!

It's too easy to scapegoat Indian call center workers and saying "I told you so". There have to be far more instances of this taking place stateside in the past. I'm sure banks went into overdrive to spin the media coverage on them. Now, we'll probably see a littany of op-eds from morons at the NY Times eluding to how Indian workers can't be trusted.

This is a CITIBANK(unnamed bank) problem, not an outsourcing or Indian workforce problem. Citibank is just too big for it's britches and someone in Citibank's NJ HQ probably got a cut of this scam. Bet you'll see it come out in the investigation months from now, and how other banks are investigating stateside workers who are setting up these scams with workers abroad.

I don't think it's racist per se to point out that the scammers were Indian - because they were, and that's not going to change - but it would be racist to extrapolate from that that Indians in general can't be trusted because of the actions of one or two people.

Many customers are (rightly or wrongly) against offshoring and so Indian call-centre employees often use English-sounding pseudonyms. Some companies go as far as briefing their drones on the weather, football & soap-operas. Some can even put on regional accents.

Problem with that statement is that those Indians who are benefiting from the tide of outsourcing, are not those in poverty, but the upper crust of a still rigid class society, that still adheres to the caste system, despite proclaimations to the contrary.

At least this has been the firsthand experience I've had in training offshore replacements -- that these folks were all mostly from rich, well-to-do families, and were sheltered from lif

"Do I stay a poor slave, or take a chance at the HIGH life. My good side (If I have one) is saying: No, don't do it.....it's wrong.
But the gravity is much stronger on the other side. I've been poor and unfed all my life......living in a place where being in jail could mean I get fed at least daily....."

Do you even know what you area talking about? Call center workers are not 'poor slaves'... they make more money than the average Indian, and have better working conditions. Heck, please do get out of you